       tAdd support for open/close post-hooks - tomb - the crypto undertaker
       ---
   DIR commit 9e8bd1924be688b541b1d7c3ca89206f419d19e6
   DIR parent 2b0938f6c0ad760761c87adcd02ad0110c79aa25
  HTML Author: Hellekin O. Wolf =8) <hellekin@cepheide.org>
       Date:   Sat, 12 Feb 2011 12:38:59 +0100
       
       Add support for open/close post-hooks
       
       Now, the post-hooks script is passed an argument (open or close) that can be
       used to launch commands when the tomb opens or closes, respectively.
       
       This patch also introduces a safer version of bind-hooks that doesn't
       eval the contents, but reads a map:
       
       local/to/tomb local/to/HOME
       
       The local/to/HOME is hardly enforced ATM.
       
       Diffstat:
         M src/tomb                            |      51 +++++++++++++++++++++++++++++--
       
       1 file changed, 48 insertions(+), 3 deletions(-)
       ---
   DIR diff --git a/src/tomb b/src/tomb
       t@@ -645,8 +645,9 @@ mount_tomb() {
            chown $(id -u $ME):$(id -g $ME) ${tombmount}
            
            notice "encrypted storage $tombfile succesfully mounted on $tombmount"
       -    exec_bind_hooks ${tombmount}
       -    exec_post_hooks ${tombmount}
       +#    exec_bind_hooks ${tombmount}
       +    exec_safe_bind_hooks ${tombmount}
       +    exec_post_hooks ${tombmount} open
            return 0
        }
        
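Review bot: The return status of `exec_safe_bind_hooks` is discarded on the added line, so when it rolls back and returns 1 the post-hooks still run with `open` and mount_tomb goes on to `return 0`. The failure should at least be reported, for example `exec_safe_bind_hooks ${tombmount} || error "bind-hooks failed on $tombmount"`. The commented-out `#    exec_bind_hooks ${tombmount}` line would be better deleted than kept, so the eval-based path is not re-enabled by accident. mount_tomb begins outside this hunk.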
       t@@ -772,6 +773,48 @@ exec_bind_hooks() {
            eval $hook
        }
        
       +# FIXME: this should sanitize pathes!
       +exec_safe_bind_hooks() {
       +  local MOUNTPOINT="${1}"
       +  local ME=${SUDO_USER:-$(whoami)}
       +  local HOME=$(grep $ME /etc/passwd | sed "s/^${ME}:.*:.*:.*:.*:\([\/a-z]*\):.*$/\1/" 2>/dev/null)
       +  if [ $? -ne 0 ]; then
       +      error "how pitiful!  A tomb, and no HOME"
       +      return 1
       +  fi
       +  if [ -z "$MOUNTPOINT" -o ! -d "$MOUNTPOINT" ]; then
       +      error "cannot exec bind hooks without a mounted tomb."
       +      return 1
       +   fi
       +   if [ ! -r "$MOUNTPOINT/bind-hooks" ]; then
       +      func "cannot read bind-hooks."
       +      return
       +   fi
       +   typeset -al created
       +   typeset -al mounted
       +   typeset -Al maps
       +   maps=($(<"$MOUNTPOINT/bind-hooks"))
       +   for dir in ${(k)maps}; do
       +      if [ "${dir[1]}" = "/" -o "${dir[1,2]}" = ".." ]; then
       +          error "bind-hooks map format: local/to/tomb local/to/\$HOME"
       +          continue
       +      fi
       +      if [ "${${maps[$dir]}[1]}" = "/" -o "${${maps[$dir]}[1,2]}" = ".." ]; then
       +          error "bind-hooks map format: local/to/tomb local/to/\$HOME.  Rolling back"
       +          for dir in ${mounted}; do umount $dir; done
       +          for dir in ${created}; do rmdir  $dir; done
       +          return 1
       +      fi
       +      if [ ! -d "$HOME/${maps[$dir]}" ]; then
       +          notice "creating $HOME/${maps[$dir]}"
       +          mkdir -p $HOME/${maps[$dir]}
       +          created+=("$HOME/${maps[$dir]}")
       +      fi
       +      mount --bind $MOUNTPOINT/$dir $HOME/${maps[$dir]}
       +      mounted+=("$HOME/${maps[$dir]}")
       +   done
       +}
       +
        exec_post_hooks() {
            mnt=$1 # first argument is where the tomb is mounted
            if ! [ -x ${mnt}/post-hooks ]; then return; fi
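Review bot: The path checks in `exec_safe_bind_hooks` reject only a leading `/` or a leading `..`, so a map entry carrying `..` in a later component still reaches `mkdir -p` and `mount --bind`, which presumably run as root here; the FIXME admits this, yet the function is already called from mount_tomb. The HOME lookup is also fragile: `$?` after `local HOME=$(…)` does not report whether an entry was found, the unanchored `grep $ME` can match other accounts, and the `[\/a-z]*` class leaves the whole passwd line in place for homes containing digits or uppercase, while an empty HOME turns every target into a path under `/`. The sketch below reads field 6 of the exact passwd entry, refuses an empty or missing HOME, and rejects any `..` component on both sides of the map; symlinks inside `$HOME` or the tomb would still need a resolved-path check. The status of `mount --bind` is not tested either before the target is recorded in `mounted`.

```zsh
  # take field 6 of the exact passwd entry instead of a substring grep
  local HOME=$(awk -F: -v u="$ME" '$1 == u { print $6; exit }' /etc/passwd)
  if [ -z "$HOME" -o ! -d "$HOME" ]; then
      error "how pitiful!  A tomb, and no HOME"
      return 1
  fi
  # … unchanged: mountpoint and bind-hooks checks, typeset lines, map loading …
   for dir in ${(k)maps}; do
      # refuse absolute paths and ".." in any component of the tomb-side path
      case "/${dir}/" in
          //*|*/../*)
              error "bind-hooks map format: local/to/tomb local/to/\$HOME"
              continue ;;
      esac
      # same test for the HOME-side path, keeping the rollback
      case "/${maps[$dir]}/" in
          //*|*/../*)
              error "bind-hooks map format: local/to/tomb local/to/\$HOME.  Rolling back"
              # … unchanged: umount/rmdir rollback over mounted and created …
              return 1 ;;
      esac
      # … unchanged: creation of the missing target directory …
      mount --bind $MOUNTPOINT/$dir $HOME/${maps[$dir]} \
          || { error "cannot bind $MOUNTPOINT/$dir"; continue; }
      mounted+=("$HOME/${maps[$dir]}")
```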
       t@@ -783,7 +826,7 @@ exec_post_hooks() {
            cat ${mnt}/post-hooks | head -n1 | grep '^#!/'
            if [ $? = 0 ]; then
                act "post hooks found, executing as user $SUDO_USER"
       -        exec_as_user ${mnt}/post-hooks
       +        exec_as_user ${mnt}/post-hooks $2
            fi
        }
        
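Review bot: The new second argument of exec_post_hooks is undocumented; only `mnt=$1` carries a comment at the top of the function. A matching line such as `# second argument is the event passed on to the hook: open or close` next to it would make the contract visible to hook authors. The function body starts above this hunk.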
       t@@ -845,6 +888,8 @@ umount_tomb() {
                func "$unbind"
            fi
        
       +    # Execute post-hooks for eventual cleanup
       +    exec_post_hooks ${tombmount} close
        
            act "closing tomb $tombname on dm-crypt $basemap"
            mount | grep $mapper 2>&1 >/dev/null
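Review bot: Calling `exec_post_hooks ${tombmount} close` here means every existing post-hooks script is now executed a second time at unmount, and a script written before this change that ignores its argument will repeat its open-time actions on close. The comment could state the contract instead of the intent, for example `# post-hooks also run on close; the hook must branch on $1 (open|close)`. It may also be worth noting that the hook runs while the tomb is still mounted, so anything it leaves running inside the mountpoint could keep the later unmount busy; that cannot be confirmed from these lines. umount_tomb starts and ends outside this hunk.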